FreeBSD 11.3 Patch 13
Approved changes feed: RSS · Atom
cpe:2.3:o:freebsd:freebsd:11.3:p13:*:*:*:*:*:*
part: o version: 11.3 update: p13
| Vendor | Freebsd (1e86ea60-a74f-5f45-ac35-3eb819c9e064) |
|---|---|
| Product | Freebsd (be9b20ed-2a20-5a94-a224-b1a6fdcacb17) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/freebsd/freebsd-src |
purl2cpe | 2026-06-01 10:12:45.165201 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-7468 |
vulnerable | 2026-06-08 05:27:13.136054 |
Details available
In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges.
Published: 2021-03-26T20:27:13.000Z
Updated: 2024-08-04T09:33:19.881Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-7467 |
vulnerable | 2026-06-08 05:27:13.134167 |
Details available
In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped.
Published: 2021-03-26T20:27:06.000Z
Updated: 2024-08-04T09:33:19.943Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-7464 |
vulnerable | 2026-06-08 05:27:13.122681 |
Details available
In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs.
Published: 2021-03-26T20:55:25.000Z
Updated: 2024-08-04T09:33:18.651Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-25583 |
vulnerable | 2026-06-08 05:22:36.859105 |
Details available
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer.
Published: 2021-03-29T19:53:57.000Z
Updated: 2024-08-04T15:33:05.760Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-24718 |
vulnerable | 2026-06-08 05:22:35.404461 |
Details available
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.
Published: 2020-09-25T03:49:02.000Z
Updated: 2024-08-04T15:19:09.334Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.